Tuesday, July 23, 2019

Help clustering two ISE servers

So i'd say I'm novice at best with ISE. I've done some management with it but nothing major. We're working on moving our physical ISE cluster to Virtual. I've got them both installed, both with an FQDN that is reachable by both of them. They are in the same subnet, and not firewalled.

I've setup one as primary, and imported the default signed server certificate from the secondary (saw some guides mention to do this).

When I go to register the secondary node I get a warning that the node i'm registering has a self signed certificate. I click to import and proceed and simply get "Unable to authenticate ISE NME-ISEVIRTU-02.NETMAN.DEV. Please check certificate configuration. Make sure from "Primary Admin node", system certificate chain of registering node is present in the "Trusted certificates" and is enabled with "Trust for authentication with in ISE" option selected.

I'm not finding much in answers as to what to do with this. I've seen suggested to import all my cisco services trusted certificates to the secondary (which I tried) but that's about it aside from it being an FQDN issue which doesn't appear to be happening.

Anyone have some insight on what might be wrong?



No comments:

Post a Comment